In the last year alone, the number of successful, large-scale cyber-attacks has increased astronomically (62%, to be exact) as a result of program immaturity and underinvestment, exposing new vulnerabilities for bad actors to exploit. Recent attacks on the oil & gas, IT, and food industries showcase this. But what does this mean for the security industry as a whole? Most recently, it means cyber-centric regulation is being addressed at the federal level through the new DHS pipeline cybersecurity requirements.
Increasing Regulation Resulting from Cybercrime
As cybercrime rates reach an all-time high, the criticality of the security industry becomes increasingly evident. With an ever-changing cyber landscape, thorough and consistent execution of protective measures is vital to maintaining secure cyberinfrastructure throughout a country. How can we do that while cyber-attacks keep climbing? Establishing regulation at the federal level is a pivotal place to start. Let’s dive into the new DHS regulation:
What is the new directive, and who does it affect?
On July 20, 2021, the US Department of Homeland Security announced its second round of new cybersecurity requirements for critical pipeline owners and operators. The directive is a response to increased attacks on critical infrastructure, which have shown the impact that major breaches can have on both a country’s security structure and day-to-day civilian life. The update outlines the following:
- Owners and operators of Transportation Security Administration (TSA) designated critical pipelines must implement specific mitigation measures to protect against ransomware attacks and other known threats to information technology and operational technology systems.
- Owners must develop and implement a cybersecurity contingency and recovery plan.
- Owners must conduct a cybersecurity architecture design review.
The updates highlight a major shift in the US Government's treatment of critical pipeline owners. With the new regulation in place, we can draw similarities between the roles that other critical US infrastructure sectors play and the role of oil and gas in the US economy and security as a whole.
Why Is the Involvement of Federal Government and Cyber Regulation Increasing?
Over the last year, there has been one consistent trend in security: a continually evolving threat landscape. Global cybersecurity spending is projected to exceed $1 trillion this year, and the cost of a successful breach ranges from $1 million to $500 million for a company. Unfortunately, the effect of attacks goes far beyond the fiscal impact on a company. Often, an attack puts civilians at risk of having their data compromised or has a broader economic effect on the community as a whole. As the civilian impact increases and lives and commerce are put at risk, we will see increasing regulation from the federal government.
Additionally, TSA is considering additional measures to directly support the pipeline industry in improving its cybersecurity by building a more robust public-private partnership around critical US infrastructure. This follows President Biden’s Cybersecurity Executive Order, released in early May, and suggests that cyber regulation at the federal level will continue to become more robust as time goes on.
How can OneTrust help?
The OneTrust platform leverages expertise in Vendor Risk Management, Privacy, GRC, and many other categories to deliver an immersive cybersecurity management experience. We enable you to gain visibility into all aspects of your organization’s security structure, allowing you to holistically protect both your customers and data.
Further DHS Pipeline Cybersecurity Requirements reading:
- DataGuidance Reading: USA: DHS announces Security Directive for critical pipeline sector
- DHS Announcement: DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators